You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ambari.apache.org by "Dmitry Lysnichenko (JIRA)" <ji...@apache.org> on 2013/07/12 22:17:49 UTC

[jira] [Commented] (AMBARI-2644) Ambari-server can not find password for remote database with password encryption enabled

    [ https://issues.apache.org/jira/browse/AMBARI-2644?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13707327#comment-13707327 ] 

Dmitry Lysnichenko commented on AMBARI-2644:
--------------------------------------------

+1
                
> Ambari-server can not find password for remote database with password encryption enabled
> ----------------------------------------------------------------------------------------
>
>                 Key: AMBARI-2644
>                 URL: https://issues.apache.org/jira/browse/AMBARI-2644
>             Project: Ambari
>          Issue Type: Bug
>          Components: controller
>    Affects Versions: 1.2.5
>            Reporter: Siddharth Wagle
>            Assignee: Siddharth Wagle
>             Fix For: 1.2.5
>
>         Attachments: AMBARI-2644.patch
>
>
> Performed cluster setup as proposed at E2E test scenario. 
> {code}
> ambari-server setup
> ambari-server setup-ldap
> ambari-server encrypt-passwords
> ambari-server setup-https
> ambari-server start
> {code}
> Server does not start. It complains about missing password file / db password alias
> {code}
> 19:03:36,249  INFO Configuration:300 - Generation of file with password
> 19:03:37,320  INFO CredentialProvider:146 - action => PUT, alias => ambari.db.password
> 19:03:37,885  INFO Configuration:313 - Reading password from existing file
> 19:03:38,838  INFO CredentialProvider:146 - action => PUT, alias => ambari.ldap.manager.password
> 19:12:02,925  INFO Configuration:313 - Reading password from existing file
> 19:12:02,946  INFO Configuration:324 - API SSL Authentication is turned on.
> 19:12:02,946  INFO Configuration:329 - Reading password from existing file
> 19:12:02,948  INFO Configuration:481 - Hosts Mapping File null
> 19:12:02,951  INFO HostsMap:60 - Using hostsmap file null
> 19:12:04,467  INFO MasterKeyServiceImpl:209 - Loading from persistent master: #1.0# Fri, Jul 12 2013 19:03:34.717
> 19:12:06,016  INFO AmbariServer:446 - Getting the controller
> 19:12:11,146  INFO CertificateManager:68 - Initialization of root certificate
> 19:12:11,147  INFO CertificateManager:70 - Certificate exists:false
> 19:12:11,147  INFO CertificateManager:137 - Generation of server certificate
> 19:12:16,383  INFO ShellCommandUtil:43 - Command openssl genrsa -des3 -passout pass:n15KV1q6aWRZIP86XAjpTdbTaKo0HHWIsTuaOPZQdxycChECKG -out /var/lib/ambari-server/keys/ca.key 4096  was finished with exit code: 0 - the operation was completely successfully.
> 19:12:16,431  INFO ShellCommandUtil:43 - Command openssl req -passin pass:n15KV1q6aWRZIP86XAjpTdbTaKo0HHWIsTuaOPZQdxycChECKG -new -key /var/lib/ambari-server/keys/ca.key -out /var/lib/ambari-server/keys/ca.crt -batch was finished with exit code: 0 - the operation was completely successfully.
> 19:12:16,483  INFO ShellCommandUtil:43 - Command openssl x509 -passin pass:n15KV1q6aWRZIP86XAjpTdbTaKo0HHWIsTuaOPZQdxycChECKG -req -days 365 -in /var/lib/ambari-server/keys/ca.crt -signkey /var/lib/ambari-server/keys/ca.key -out /var/lib/ambari-server/keys/ca.crt 
>  was finished with exit code: 0 - the operation was completely successfully.
> 19:12:16,496  INFO ShellCommandUtil:43 - Command openssl pkcs12 -export -in /var/lib/ambari-server/keys/ca.crt -inkey /var/lib/ambari-server/keys/ca.key -certfile /var/lib/ambari-server/keys/ca.crt -out /var/lib/ambari-server/keys/keystore.p12 -password pass:n15KV1q6aWRZIP86XAjpTdbTaKo0HHWIsTuaOPZQdxycChECKG -passin pass:n15KV1q6aWRZIP86XAjpTdbTaKo0HHWIsTuaOPZQdxycChECKG 
>  was finished with exit code: 0 - the operation was completely successfully.
> 19:12:16,883  INFO AmbariServer:123 - ********* Meta Info initialized **********
> 19:12:16,896  INFO ClustersImpl:88 - Initializing the ClustersImpl
> 19:12:17,115 ERROR Configuration:610 - Error reading from credential store.
> 19:12:17,116 ERROR Configuration:616 - Cannot read password for alias = /etc/ambari-server/conf/password.dat
> 19:12:17,117 ERROR AmbariServer:455 - Failed to run the Ambari Server
> java.lang.RuntimeException: Unable to read database password
>         at org.apache.ambari.server.configuration.Configuration.readPasswordFromFile(Configuration.java:596)
>         at org.apache.ambari.server.configuration.Configuration.getRcaDatabasePassword(Configuration.java:583)
>         at org.apache.ambari.eventdb.webservice.WorkflowJsonService.setDBProperties(WorkflowJsonService.java:95)
>         at org.apache.ambari.server.controller.AmbariServer.performStaticInjection(AmbariServer.java:437)
>         at org.apache.ambari.server.controller.AmbariServer.run(AmbariServer.java:125)
>         at org.apache.ambari.server.controller.AmbariServer.main(AmbariServer.java:452)
> Caused by: java.io.FileNotFoundException: File '/etc/ambari-server/conf/password.dat' does not exist
>         at org.apache.commons.io.FileUtils.openInputStream(FileUtils.java:265)
>         at org.apache.commons.io.FileUtils.readFileToString(FileUtils.java:1457)
>         at org.apache.commons.io.FileUtils.readFileToString(FileUtils.java:1475)
>         at org.apache.ambari.server.configuration.Configuration.readPasswordFromFile(Configuration.java:594)
>         ... 5 more
> 19:12:17,118 ERROR AmbariServer:420 - Error stopping the server
> java.lang.NullPointerException
>         at org.apache.ambari.server.controller.AmbariServer.stop(AmbariServer.java:418)
>         at org.apache.ambari.server.controller.AmbariServer.main(AmbariServer.java:457)
> {code}
> Content of ambari.properties:
> {code}
> server.jdbc.rca.driver=oracle.jdbc.driver.OracleDriver
> authentication.ldap.managerDn=uid=hdfs,ou=people,ou=dev,dc=apache,dc=org
> authentication.ldap.primaryUrl=localhost:389
> server.jdbc.rca.url=jdbc:oracle:thin:@ip-10-34-79-165.ec2.internal:1521/XE
> server.connection.max.idle.millis=900000
> server.jdbc.port=1521
> server.version.file=/var/lib/ambari-server/resources/version
> server.jdbc.rca.user.passwd=/etc/ambari-server/conf/password.dat
> api.authenticate=true
> jce_policy.url=http://public-repo-1.hortonworks.com/ARTIFACTS/jce_policy-6.zip
> server.persistence.type=remote
> client.api.ssl.key_name=https.key
> authentication.ldap.useSSL=false
> ambari-server.user=ambar-server
> client.api.ssl.port=8443
> authentication.ldap.usernameAttribute=uid
> server.jdbc.user.name=ambari
> server.jdbc.schema=XE
> java.home=/usr/jdk64/jdk1.6.0_31
> server.os_type=redhat6
> api.ssl=true
> bootstrap.script=/usr/lib/python2.6/site-packages/ambari_server/bootstrap.py
> client.api.ssl.cert_name=https.crt
> authentication.ldap.bindAnonymously=false
> client.security=ldap
> server.jdbc.hostname=ip-10-34-79-165.ec2.internal
> resources.dir=/var/lib/ambari-server/resources
> security.passwords.encryption.enabled=true
> bootstrap.setup_agent.script=/usr/lib/python2.6/site-packages/ambari_server/setupAgent.py
> server.jdbc.driver=oracle.jdbc.driver.OracleDriver
> jdk.url=http://public-repo-1.hortonworks.com/ARTIFACTS/jdk-6u31-linux-x64.bin
> security.server.keys_dir=/var/lib/ambari-server/keys
> server.jdbc.rca.user.name=ambari
> webapp.dir=/usr/lib/ambari-server/web
> metadata.path=/var/lib/ambari-server/resources/stacks
> server.jdbc.url=jdbc:oracle:thin:@ip-10-34-79-165.ec2.internal:1521/XE
> server.fqdn.service.url=http://169.254.169.254/latest/meta-data/public-hostname
> bootstrap.dir=/var/run/ambari-server/bootstrap
> authentication.ldap.baseDn=dc=apache,dc=org
> server.jdbc.user.passwd=${alias=ambari.db.password}
> authentication.ldap.managerPassword=${alias=ambari.ldap.manager.password}
> server.jdbc.database=oracle
> security.server.two_way_ssl=true
> {code}
> File /etc/ambari-server/conf/password.dat is missing
> Setup flow:
> {code}
> [root@ip-10-116-65-200 kerb]# ambari-server setup
> Using python  /usr/bin/python2.6
> Initializing...
> Setup ambari-server
> Checking SELinux...
> SELinux status is 'enabled'
> SELinux mode is 'enforcing'
> Temporarily disabling SELinux
> WARNING: SELinux is set to 'permissive' mode and temporarily disabled.
> OK to continue [y/n] (y)? y
> Customize user account for ambari-server daemon [y/n] (n)? y
> Enter user account for ambari-server daemon (root):ambar-server
> Adjusting ambari-server permissions and ownership...
> Checking iptables...
> iptables is disabled now. please reenable later.
> Checking JDK...
> Downloading JDK from http://public-repo-1.hortonworks.com/ARTIFACTS/jdk-6u31-linux-x64.bin to /var/lib/ambari-server/resources/jdk-6u31-linux-x64.bin
> JDK distribution size is 85581913 bytes
> jdk-6u31-linux-x64.bin... 100% (81.6 MB of 81.6 MB)
> Successfully downloaded JDK distribution to /var/lib/ambari-server/resources/jdk-6u31-linux-x64.bin
> To install the Oracle JDK you must accept the license terms found at http://www.oracle.com/technetwork/java/javase/downloads/jdk-6u21-license-159167.txt. Not accepting will cancel the Ambari Server setup.
> Do you accept the Oracle Binary Code License Agreement [y/n] (y)? 
> Installing JDK to /usr/jdk64
> Successfully installed JDK to /usr/jdk64/jdk1.6.0_31
> Downloading JCE Policy archive from http://public-repo-1.hortonworks.com/ARTIFACTS/jce_policy-6.zip to /var/lib/ambari-server/resources/jce_policy-6.zip
> Successfully downloaded JCE Policy archive to /var/lib/ambari-server/resources/jce_policy-6.zip
> Completing setup...
> Configuring database...
> Enter advanced database configuration [y/n] (n)? y
> Select database:
> 1 - PostgreSQL (Embedded)
> 2 - Oracle
> [1]:2
> Hostname [localhost]:ip-10-34-79-165.ec2.internal
> Port [1521]:
> Select Oracle identifier type:
> 1 - Service Name
> 2 - SID
> [1]:XE
> Invalid number.
> Select Oracle identifier type:
> 1 - Service Name
> 2 - SID
> [1]:1
> Service Name [ambari]:XE
> Username [ambari]: 
> Enter Database Password [bigdata]: 
> WARNING: Before starting Ambari Server, you must copy the Oracle JDBC driver JAR file to /usr/share/java.
> Press <enter> to continue.
> Copying JDBC drivers to server resources...
> Configuring remote database connection properties...
> WARNING: Cannot find oracle sqlplus client in the path to load the Ambari Server schema. Before starting Ambari Server, you must run the following DDL against the database to create the schema 
> sqlplus ambari/bigdata < /var/lib/ambari-server/resources/Ambari-DDL-Oracle-CREATE.sql 
> Press <enter> to continue.
> WARNING: The cli was not found
> Ambari Server 'setup' completed with warnings.
> [root@ip-10-116-65-200 kerb]# less /etc/passwd
> {code}

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira